Policy pursuant to Art. 13 of EU Regulation 2016/679 for the Video Surveillance System
Protecting the privacy of our guests is of paramount importance to us and we safeguard it in accordance with our obligations under current legislation. Pursuant to Art. 13 of the EU Regulation 2016/679 (hereinafter referred to as GDPR - General Data Protection Regulation), the company STARHOTELS S.p.a., as Data Controller, provides you with the following information on how your personal data are processed within our facilities with reference to the Video Surveillance System present therein.
DATA CONTROLLER AND VIDEO SURVEILLANCE DATA PROCESSOR
Pursuant to Art. 4(7) of GDPR 2016/679, the Data Controller is the company STARHOTELS S.p.a. with registered office at Via F. Turati, 29 - 20121 Milan.
The Video Surveillance Data Processor, formally appointed within the Data Controller's organisation, is the Hotel Manager.
THE DATA PROTECTION OFFICER (DPO)
Pursuant to Art. 37 of GDPR 2016/679, STARHOTELS S.p.a. has appointed a company Data Protection Officer (DPO), who can be contacted at the following email address: dpo@starhotels.com. Certified email (PEC): starhotels_dpo@legalmail.it
PURPOSE, LEGAL BASIS OF PROCESSING AND NATURE OF PROVISION
Starhotels S.p.a., at its hotel facilities, uses a video surveillance system to pursue its legitimate interests within the meaning of Art. 6(f) of EU Regulation 2016/679, i.e. to ensure the safety of persons, property and for the protection of its assets.
In particular, video-recorded images acquired through the video surveillance system are processed for the following purposes:
- to be a deterrent against possible aggression, theft, robbery, damage, sabotage or vandalism while improving security within the hotel for staff, customers and all those passing through the hotel;
- to facilitate the possible exercise, in civil or criminal proceedings, of the right of defence of the data controller or third parties on the basis of useful images in the event of unlawful acts;
- to respond to any requests from the judicial authorities in the course of investigations.
The system in question has been designed, configured and installed in compliance with the current legislation on video surveillance (EU Regulation 2016/679, Art. 4 Law 300/1970, Decision of the Italian Data Protection Authority of 8 April 2010) with the utmost attention to the installation and configuration of the cameras so as not to invade the privacy of the individual in accordance with the principles of relevance and non excess, collecting only the data strictly necessary to achieve the purposes pursued.
For details of the location of the cameras in the facility, please contact the Video Surveillance Data Processor mentioned above.
RECIPIENTS OF PERSONAL DATA - COMMUNICATION AREAS
Your personal data will be processed by the hotel's in-house staff who have been formally appointed as data processors and who have been trained in data security and privacy rights. The data will not be disseminated and may be communicated to judicial authorities or the judicial police upon formal and reasoned request.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
Your personal data are not transferred to third countries or international organisations.
RETENTION OF PERSONAL DATA
The data acquired will be retained for a maximum period of 5 days; Once this time limit has been exceeded, the data will always be deleted by over-recording, unless requested by the authorities or the judicial police or, in any event, following criminal events, damage to company assets, unauthorised access to the premises by staff and/or third parties, or theft of company materials and products.
AUTOMATED PROCESSING
The data controller does not carry out processing based on automated decision-making, nor does it carry out automated processing for profiling purposes, activities that produce legal effects and that may significantly affect your person.
RIGHTS OF THE DATA SUBJECT
The data subject has the right to request from the data controller access to personal data concerning them, rectification or erasure of those data, restriction of processing, portability of data, has the right to object to processing, has the right to object to profiling and to lodge a complaint with a supervisory authority.
The data subject has the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
For the complete and exhaustive list of rights that can be exercised by the data subject, please refer to Art. 15 et seq. of GDPR 2016/679.
The data subject's rights can be exercised by contacting the Data Protection Officer by email: dpo@starhotels.com or by Certified email (PEC) at: starhotels_dpo@legalmail.it